[Samba] showing all groups using IDMAP_RID
Victor Hiebert
vic at sfu.ca
Wed Nov 9 22:59:05 GMT 2005
We have setup Samba Version 3.0.20b with "experimental" IDMAP_RID with
Winbind support on FreeBSD 5.4 and followed the docs at
http://us1.samba.org/samba/docs/man/Samba3-HOWTO/idmapper.html#id2587670.
The problem is that the id command (the FreeBSD equivalent to getent)
does not return all the groups the user is a member of, however wbinfo
does. Some output:
# id MYDOMAIN\\adomainuser
uid=16705(adomainuser) gid=1013(Domain Users) groups=1013(Domain Users)
wbinfo -r adomainuser
1013
13137
44063
44067
83000
44139
42929
44187
82964
13136
82963
71079
44723
44186
44064
82998
44066
1020
42928
44176
75253
44138
44709
#cat /usr/local/etc/smb.conf
[global]
server string = testbox 3
netbios name = TESTBOX03
workgroup = MYDOMAIN
realm = MY.DOMAIN
security = ads
password server = adserver1 adserver2
lanman auth = no
ntlm auth = no
client ntlmv2 auth = yes
encrypt passwords = yes
use spnego = yes
use kerberos keytab = yes
allow trusted domains = no
idmap backend = idmap_rid:MYDOMAIN=500-100000000
idmap uid = 500-100000000
idmap gid = 500-100000000
template shell = /usr/sbin/nologin
winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
[DATA]
path = /tmp
read only = yes
Is it possible to setup samba/winbind/FreeBSD to return all groups a
user is a member of, and not just the Domain Users group while using
the (very handy) IDMAP_RID with Winbind facility?
Thanks for any help.
More information about the samba
mailing list